Boris Ransomware Removal Guide

Boris Ransomware is a threat that shows a ransom note called README.txt and containing a text written in Russian. It states user’s files were encrypted, and the only way to get them back is to send an email to decode77@sfletter.com. Our specialists are almost one hundred percent sure the reply from the hackers would contain instructions on how to pay a ransom in exchange for decryption. Of course, it is not something we advise since it might appear to be a complete waste of money. There are no reassurances the malware’s developers will help you decrypt locked data even if you pay the requested sum and sadly, it would be impossible to get your money back if they decide to trick you. Therefore, instead of putting up with any demands we advise eliminating Boris Ransomware and restoring encrypted data from backup (if there is such an option). To see the instructions explaining how to remove the infection, slide below this report.

The malware might enter the system after the user opens its installer. You may ask why anyone would do such a thing. Sadly, the installers of malicious programs like Boris Ransomware usually pretend to be something else. For example, it could appear as a text document received via Spam emails or a software installer downloaded from untrustworthy sources. This is why we always recommend scanning doubtful files you suspect to be possibly unreliable with a trustworthy security tool first. The other way to stay away from threats alike would be to avoid opening files or clicking links sent by unknown senders or under suspicious circumstances.

Once, Boris Ransomware settles in the malicious program may try to connect to /testdecode77.000webhostapp.com/write.php. The server should belong to the hackers who developed the threat. Currently, it is down, which means the infection might be unable to initiate the encryption process. What’s more, the server’s title sounds like a phrase “test the code.” This could mean the malware is a test version or in other words, it is not yet finished. This makes us think Boris Ransomware might be distributed only among few victims to test it or it might not be spread yet at all. In any case, if it was our specialists learned the infection should encrypt files with the following extensions: .dt, .DBF, .1CD, .doc, .docx, .xls, .pdf, .xlsx, .csv, .mdb, .sln, .sql, .zip, and .rar. It is only a small part of what it could encipher as there are much more different file types, which is another reason that makes it sound possible the malicious program could be still in development.

After the encryption process, Boris Ransomware is supposed to create a ransom note called README.txt. As said earlier its text may say you need to contact the malware’s developers via email, but we do not advise it because they could ask to pay a ransom and doing so might be risky. It seems to us for users who do not want to take any chances the smartest choice would be to remove the threat, and them restore all encrypted files (data with .[decode77@sfletter.com].boris extension) using backup copies, for example, data located on removable media devices, cloud storage, social media accounts, etc. To learn how to eliminate the malicious program manually check the instructions placed below, but if you prefer using automatic features, you should download a reliable security tool instead.